Traffic Mirroring Configuration
This chapter contains a sample local and remote switched port analyzer feature configuration.
SPAN Overview
Switched Port Analyzer (SPAN) refers to selecting network traffic for analysis by a network analyzer. The SPAN feature was introduced on switches because a switch forwards traffic destined for a MAC address directly to the corresponding port, leaving no opportunity to analyze the traffic.
SPAN monitors the traffic on a source port and sends a copy of the traffic to a destination port. The network analyzer, which is attached to the destination port, analyzes the received traffic. The source can be a single port or multiple ports. A copy of each packet is sent to the destination port for analysis.
SPAN was originally referred to as port mirroring or port monitoring, where all the network traffic on the source port is mirrored to the destination port. Port mirroring has three subdivisions.
Ingress mirroring: Traffic received on the source port is monitored.
Egress mirroring: Traffic transmitted from the source port is monitored.
Ingress and egress mirroring: Both received and transmitted traffic on the source port is monitored.
With enhancements to SPAN, mirroring can be classified into three categories.
Port Mirroring
In port mirroring, the source is a port, which can be a physical interface or a port channel. All the traffic on the source port is mirrored to the destination port. Traffic received on the source port, traffic transmitted from the source port, or both can be monitored.
Note: If a monitor session is configured with two or more source interfaces in the egress direction (tx), the destination mirror port receives only one copy of each non-unicast packet.
Also, the mirrored packet carries the default TPID of the mirror destination port, that is, 0x8100.
VLAN Mirroring
In VLAN mirroring, the source is a VLAN identifier, and the traffic received on all ports whose VLAN identifier matches the source VLAN identifier is mirrored to the destination port.
Rule Based Mirroring
In rule based mirroring, there is a set of matching criteria for the ingress traffic, such as matching destination MAC address, matching frame type, and so on. The traffic matching the rules is mirrored to the destination port.
Topology
SPAN Topology
Port Mirroring Configuration
This example shows detailed configuration of port mirroring.
#configure terminal
Enter configure mode.
(config)# bridge 1 protocol mstp
Configure bridge 1 as MSTP bridge.
(config)# vlan 101-110 bridge 1 state enable
Configure VLANs.
(config)#interface xe10
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe20
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe5
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)#exit
Exit interface mode.
(config)# monitor session 1
Enter monitor session configuration mode
(config-monitor)# destination interface xe5
Configure the interface as destination port
(config-monitor)# source interface xe10 both
Configure the source interface to mirror ingress as well as egress direction traffic
(config-monitor)# no shut
Activate monitor session
(config-monitor)#end
Exit monitor session configuration mode
Validation
Enter the below commands to confirm the configurations.
#show running-config monitor
!
monitor session 1
source interface xe10 both
destination interface xe5
no shut
 
#show monitor session all
session 1
---------------
type : local
state : up
source intf :
tx : xe10
rx : xe10
both : xe10
source VLANs :
rx :
destination ports : xe5
filter count :
 
Legend: f = forwarding enabled, l = learning enabled
 
If a monitor session is configured with two source interfaces in the egress direction (tx), the destination port receives only one copy of the egressed packet.
#configure terminal
Enter configure mode.
(config)# bridge 1 protocol mstp
Configure bridge 1 as MSTP bridge.
(config)# vlan 101-110 bridge 1 state enable
Configure VLANs.
(config)#interface xe10
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe20
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe30
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe5
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)#exit
Exit interface mode.
(config)# monitor session 1
Enter monitor session configuration mode
(config-monitor)# destination interface xe5
Configure the interface as destination port
(config-monitor)# source interface xe10 tx
Configure the source interface to mirror egress direction traffic
(config-monitor)# source interface xe30 tx
Configure the source interface to mirror egress direction traffic
(config-monitor)# no shut
Activate monitor session
(config-monitor)#end
Exit monitor session configuration mode
Validation
#show running-config monitor
!
monitor session 1
source interface xe10 tx
source interface xe30 tx
destination interface xe5
no shut
 
#show monitor session all
session 1
---------------
Type : local
State : up
source intf :
tx : xe10 xe30
rx :
both :
source VLANs :
rx :
destination ports : xe5
filter count :
Legend: f = forwarding enabled, l = learning enable
If you send 10 frames from xe20 and the packets egress via xe10 and xe30, only 10 packets are received on the mirror destination port.
 
VLAN and Rule Based Mirroring
This example shows detailed configuration of VLAN with rule based mirroring.
 
#configure terminal
Enter configure mode.
(config)# bridge 1 protocol mstp
Configure bridge 1 as MSTP bridge.
(config)# vlan 101-110 bridge 1 state enable
Configure VLANs
(config)#interface xe10
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up
(config-if)#exit
Exit interface mode.
(config)#interface xe20
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up
(config-if)#exit
Exit interface mode.
(config)#interface xe5
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)#exit
Exit interface mode.
(config)# monitor session 1
Enter monitor session configuration mode
(config-monitor)# destination interface xe5
Configure the interface as destination port
(config-monitor)# source vlan 101
Configure source VLAN to be mirrored
(config-monitor)# filter src-mac host 0000.0000.0005
Configure the rule to match the source MAC
(config-monitor)# no shut
Activate monitor session
(config-monitor)#end
Exit monitor session configuration mode
Validation
Enter the below commands to confirm the configurations.
#show running-config monitor
!
monitor session 1
source vlan 101
destination interface xe5
10 filter src-mac host 0000.0000.0005
no shut
 
 
#show monitor session all
session 1
---------------
type : local
state : up
source intf :
tx :
rx :
both :
source VLANs :
rx : 101
destination ports : xe5
filter count : 1
 
Legend: f = forwarding enabled, l = learning enabled
 
 
#show monitor session 1 filter
session 1
---------------
filter count : 1
 
---------------
match set 1
---------------
source mac address : 0000.0000.0005 (host)
RSPAN Overview
When several switches need to be analyzed with a single centralized sniffer, remote switched port analyzer (RSPAN) is used. In RSPAN, all the mirrored traffic is tagged with an RSPAN VLAN ID and forwarded to the remote destination via a port called the reflector port. The reflector port has the same characteristics as a local destination port. The RSPAN VLAN ID is a VLAN dedicated to monitoring and does not participate in bridging. The RSPAN destination switch strips the RSPAN VLAN tag and sends the traffic to the sniffer for analysis. RSPAN has the same sub-categories as SPAN, except that the mirrored traffic is tagged with an RSPAN VLAN header and forwarded to the destination switch for analysis.
Topology
RSPAN Topology
Port Mirroring Configuration
This example shows detailed configuration of port mirroring.
 
#configure terminal
Enter configure mode.
(config)# bridge 1 protocol mstp
Configure bridge 1 as MSTP bridge.
(config)# vlan 101-110 bridge 1 state enable
Configure VLANs.
(config)#interface xe10
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe20
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe5
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)#exit
Exit interface mode.
(config)# monitor session 1 type remote
Enter monitor session configuration mode.
(config-monitor)# destination remote vlan 100 reflector-port xe5
Configure the interface as remote destination port
(config-monitor)# source interface xe10 both
Configure the source interface to mirror ingress as well as egress direction traffic.
(config-monitor)# no shut
Activate monitor session.
(config-monitor)#end
Exit monitor session configuration mode.
Validation
Enter the commands below to confirm the configurations
#show running-config monitor
!
monitor session 1 type remote
source interface xe10 both
destination remote vlan 100 reflector-port xe5
no shut
 
 
#show monitor session all
session 1
---------------
type : remote
state : up
source intf :
tx : xe10
rx : xe10
both : xe10
source VLANs :
rx :
rspan VLAN : 100
reflector ports : xe5
filter count :
 
Legend: f = forwarding enabled, l = learning enabled
 
 
 
 
VLAN and Rule Based Mirroring Configuration
This example shows detailed configuration of VLAN with rule based mirroring.
 
#configure terminal
Enter configure mode.
(config)# bridge 1 protocol mstp
Configure bridge 1 as MSTP bridge.
(config)# vlan 101-110 bridge 1 state enable
Configure VLANs.
(config)#interface xe10
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe20
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)# bridge-group 1
Associate bridge to an interface.
(config-if)# switchport mode trunk
Configure port as a trunk.
(config-if)# switchport trunk allowed vlan add 101-110
Allow VLANs 101-110 on the interface.
(config-if)# no shutdown
Make interface admin up.
(config-if)#exit
Exit interface mode.
(config)#interface xe5
Enter interface mode.
(config-if)# switchport
Configure interface as a layer 2 port.
(config-if)#exit
Exit interface mode.
(config)# monitor session 1 type remote
Enter monitor session configuration mode.
(config-monitor)# destination remote vlan 100 reflector-port xe5
Configure the interface as remote destination port.
(config-monitor)# source vlan 101
Configure source VLAN to be mirrored.
(config-monitor)# filter src-mac host 0000.0000.0005
Configure the rule to match the source MAC.
(config-monitor)# no shut
Activate monitor session.
(config-monitor)#end
Exit monitor session configuration mode.
Validation
Enter the commands below to confirm the configuration.
#show running-config monitor
!
monitor session 1 type remote
source vlan 101
destination remote vlan 100 reflector-port xe5
10 filter src-mac host 0000.0000.0005
no shut
 
 
#show monitor session all
session 1
---------------
type : remote
state : up
source intf :
tx :
rx :
both :
source VLANs :
rx : 101
rspan VLAN : 100
reflector ports : xe5
filter count : 1
 
Legend: f = forwarding enabled, l = learning enabled
 
 
#show monitor session 1 filter
session 1
---------------
filter count : 1
 
---------------
match set 1
---------------
source mac address : 0000.0000.0005 (host)
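The following added example is not part of the OcNOS documentation. It parses `show running-config monitor` output in the format shown above and checks each session against three points from this chapter: the mirror destination should be a port the operator expects, the RSPAN VLAN should not be one of the bridged VLANs, and two or more egress sources deliver only one copy of non-unicast packets. The function names, the approved-destination list and session 3 of the sample are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed input in the "show running-config monitor" format shown above.
# Sessions 1 and 2 reuse this chapter's examples (renumbered, one port changed
# so they can coexist); session 3 is invented to trigger findings.
SAMPLE_RUNNING_CONFIG = """\
!
monitor session 1
source interface xe10 tx
source interface xe30 tx
destination interface xe5
no shut
!
monitor session 2 type remote
source vlan 101
destination remote vlan 100 reflector-port xe6
10 filter src-mac host 0000.0000.0005
no shut
!
monitor session 3 type remote
source interface xe20 both
destination remote vlan 105 reflector-port xe7
no shut
"""


@dataclass
class MonitorSession:
    session_id: int
    remote: bool = False
    # (kind, name, direction), e.g. ("interface", "xe10", "tx")
    sources: List[Tuple[str, str, str]] = field(default_factory=list)
    destination: str = ""              # destination port or reflector port
    rspan_vlan: Optional[int] = None
    filters: List[Tuple[int, str]] = field(default_factory=list)
    active: bool = False               # True once "no shut" is seen


def parse_monitor_config(text: str) -> List[MonitorSession]:
    """Turn 'show running-config monitor' text into MonitorSession objects."""
    sessions: List[MonitorSession] = []
    cur: Optional[MonitorSession] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"monitor session (\d+)(?: type (remote))?", line)
        if m:
            cur = MonitorSession(int(m.group(1)), remote=m.group(2) == "remote")
            sessions.append(cur)
            continue
        if cur is None:
            continue  # "!" separators and anything before the first session
        if m := re.fullmatch(r"source interface (\S+) (rx|tx|both)", line):
            cur.sources.append(("interface", m.group(1), m.group(2)))
        elif m := re.fullmatch(r"source vlan (\S+)", line):
            # The show output above lists source VLANs under rx only.
            cur.sources.append(("vlan", m.group(1), "rx"))
        elif m := re.fullmatch(r"destination interface (\S+)", line):
            cur.destination = m.group(1)
        elif m := re.fullmatch(
                r"destination remote vlan (\d+) reflector-port (\S+)", line):
            cur.rspan_vlan, cur.destination = int(m.group(1)), m.group(2)
        elif m := re.fullmatch(r"(\d+) filter (.+)", line):
            cur.filters.append((int(m.group(1)), m.group(2)))
        elif line == "no shut":
            cur.active = True
    return sessions


def audit(sessions: List[MonitorSession],
          approved_destinations: Set[str],
          bridged_vlans: Set[int]) -> List[Tuple[int, str, str]]:
    """Return (session_id, finding, detail) tuples for review."""
    findings = []
    for s in sessions:
        # A mirror destination nobody approved is a copy of traffic leaving
        # through a port the operator does not expect.
        if s.destination not in approved_destinations:
            findings.append((s.session_id, "unapproved-destination", s.destination))
        # The RSPAN VLAN is meant to be dedicated and kept out of bridging.
        if s.remote and s.rspan_vlan in bridged_vlans:
            findings.append((s.session_id, "rspan-vlan-bridged", str(s.rspan_vlan)))
        # "both" also mirrors egress: the show output lists such a port under tx.
        egress = [name for kind, name, direction in s.sources
                  if kind == "interface" and direction in ("tx", "both")]
        if len(egress) >= 2:
            findings.append((s.session_id, "multi-tx-single-copy", ",".join(egress)))
    return findings


if __name__ == "__main__":
    parsed = parse_monitor_config(SAMPLE_RUNNING_CONFIG)
    # VLANs 101-110 are the bridged VLANs in this chapter's examples.
    for finding in audit(parsed, {"xe5", "xe6"}, set(range(101, 111))):
        print(finding)
```

The `multi-tx-single-copy` finding is informational: packet counts at the analyzer will not match the sum of the source ports for non-unicast traffic.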
 
VLAN Mirroring Using VLAN Ranges Configuration
The Switch Port Analyzer (SPAN) monitors the traffic on source port and sends a copy of the traffic to a destination port. The network analyzer, which is attached to the destination port, analyzes the received traffic. The source port can either be a single port or multiple ports. A replication of the packets is sent to the destination port for analysis.
SPAN is also referred to as port mirroring or port monitoring. It is installed in the Layer 2 Access Control List (ACL) group by default. It is used for monitoring the ingress MAC ACL or VLAN group. Any packet received can be monitored based on the source port, including a physical, MAC, or VLAN port.
This is an existing VLAN monitor session feature in OcNOS DC, enhanced in the current release to support VLAN ranges.
The following two CLIs are updated to support the VLAN ranges:
filter
Feature Characteristics
The VLAN range is supported only for ingress traffic.
Limitations
The ingress port mirroring is not supported for sub-interface and Switched Virtual Interface (SVI) interface.
Benefits
Users can apply port monitoring rules for multiple source ports, multiple VLANs, and a combination of port and VLAN ranges.
Configuration
To configure an ingress VLAN monitor session using VLAN ranges, perform the following configurations:
Topology
SPAN Topology
VTEP1
 
VTEP1#configure terminal
Enter configure mode.
VTEP1(config)#hardware-profile filter ingress-mirror enable
Enable hardware profile ingress mirror.
VTEP1(config)#nvo vxlan enable
Enable vxlan.
VTEP1(config)#evpn esi hold-time 60
Configure esi hold timer.
VTEP1(config)#evpn vxlan multihoming enable
Enable VxLAN multihoming.
VTEP1(config)#mac vrf VRF1
Configure MAC VRF as VRF1.
VTEP1(config-vrf)#rd 1.1.1.1:11
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 9.9.9.9:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF2
Configure MAC VRF as VRF2.
VTEP1(config-vrf)#rd 1.1.1.1:21
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 90.90.90.90:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF3
Configure MAC VRF as VRF3.
VTEP1(config-vrf)#rd 1.1.1.1:22
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 90.90.90.90:101
Configure route-target import and export.
VTEP1(config)#mac vrf VRF4
Configure MAC VRF as VRF4.
VTEP1(config-vrf)#rd 1.1.1.1:23
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 10.10.10.10:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF5
Configure MAC VRF as VRF5.
VTEP1(config-vrf)#rd 1.1.1.1:24
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 20.20.20.20:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF6
Configure MAC VRF as VRF6.
VTEP1(config-vrf)#rd 1.1.1.1:25
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 30.30.30.30:100
Configure route-target import and export.
VTEP1(config)#mac vrf VRF7
Configure MAC VRF as VRF7.
VTEP1(config-vrf)#rd 1.1.1.1:26
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 40.40.40.40:100
Configure route-target import and export.
VTEP1(config-vrf)#exit
Exit from VRF mode
VTEP1(config)#mac vrf VRF8
Configure MAC VRF as VRF8
VTEP1(config-vrf)#rd 1.1.1.1:27
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 50.50.50.50:100
Configure route-target import and export.
VTEP1(config-vrf)#exit
Exit from VRF mode.
VTEP1(config)#mac vrf VRF9
Configure MAC VRF as VRF9.
VTEP1(config-vrf)#rd 1.1.1.1:28
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 60.60.60.60:100
Configure route-target import and export.
VTEP1(config-vrf)#exit
Exit from VRF mode.
VTEP1(config)#mac vrf VRF10
Configure MAC VRF as VRF10.
VTEP1(config-vrf)#rd 1.1.1.1:29
Configure route distinguisher value.
VTEP1(config-vrf)#route-target both 70.70.70.70:100
Configure route-target import and export.
VTEP1(config-vrf)#exit
Exit from VRF mode.
VTEP1(config)#nvo vxlan vtep-ip-global 1.1.1.1
Enable VxLAN Source VTEP IP address global configuration.
VTEP1(config)#nvo vxlan id 10 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF1
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 20 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF2
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 21 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF3
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 23 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF4
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 24 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF5
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 25 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF6
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 26 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF7
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 27 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF8
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 28 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF9
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#nvo vxlan id 29 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP1(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF10
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP1(config-nvo)#exit
Exit from the VxLAN mode.
VTEP1(config)#qos enable
Enable QoS.
VTEP1(config)#hostname VTEP1
Configure system's network name as VTEP1
VTEP1(config)#interface lo
Enter loopback interface mode.
VTEP1(config-if)#ip address 1.1.1.1/32 secondary
Configure the secondary IP address of the loopback interface.
VTEP1(config)#interface xe48
Enter interface mode.
VTEP1(config-if)#load-interval 30
Configure load interval.
VTEP1(config-if)#ip address 10.10.10.1/24
Configure the IP address of the interface.
VTEP1(config-if)#exit
Exit from interface mode.
VTEP1(config)#interface xe49
Enter interface mode.
VTEP1(config-if)#switchport
Enter the switchport mode.
VTEP1(config-if)#load-interval 30
Configure load interval.
VTEP1(config-if)#exit
Exit from interface mode.
VTEP1(config)#interface xe54
Enter interface mode.
VTEP1(config-if)#switchport
Enter the switchport mode.
VTEP1(config-if)#load-interval 30
Configure load interval.
VTEP1(config-if)#exit
Exit from interface mode.
VTEP1(config)#router ospf 100
Configure router ospf process ID.
VTEP1(config-router)#ospf router-id 1.1.1.1
Configure OSPF router id
VTEP1(config-router)#bfd all-interfaces
Enable BFD all interfaces
VTEP1(config-router)#network 1.1.1.1/32 area 0.0.0.0
Configure network and area as 0
VTEP1(config-router)#network 10.10.10.0/24 area 0.0.0.0
Configure network and area as 0
VTEP1(config-router)#exit
Exit from router ospf mode
VTEP1(config)#router bgp 500
Configure router bgp AS number
VTEP1(config-router)#bgp router-id 1.1.1.1
Configure BGP router ID.
VTEP1(config-router)#neighbor 2.2.2.2 remote-as 500
Configure a neighbor router and specify the AS number of the BGP neighbor.
VTEP1(config-router)#neighbor 2.2.2.2 update-source lo
Configure a neighbor router and set the source of routing updates to the loopback interface.
VTEP1(config-router)#neighbor 2.2.2.2 advertisement-interval 0
Configure a neighbor router and minimum interval between sending BGP routing updates
VTEP1(config-router)#address-family ipv4 unicast
Enter Address Family command mode
VTEP1(config-router-af)#network 1.1.1.1/32
Configure a network to announce via BGP
VTEP1(config-router-af)#neighbor 2.2.2.2 activate
Activate the neighbor
VTEP1(config-router-af)#exit-address-family
Exit from address family mode
VTEP1(config-router)#address-family l2vpn evpn
Enter Address Family with l2vpn evpn Identifier
VTEP1(config-router-af)#neighbor 2.2.2.2 activate
Activate the neighbor
VTEP1(config-router-af)#exit-address-family
Exit from address family mode
VTEP1(config-router)#exit
Exit from router bgp mode
VTEP1(config)#monitor session 1
Configure Ethernet SPAN session with preferences
VTEP1(config-monitor)#source interface xe49 rx
Configure source interface as Ingress
VTEP1(config-monitor)#destination interface xe54
Configure destination interface.
VTEP1(config-monitor)#10 filter vlan 2-6
Configure sequence number with filter option and specify the vlan ranges.
VTEP1(config-monitor)#no shut
Unshut a monitor session.
VTEP1(config-monitor)#exit
Exit from monitor session.
VTEP1(config)#nvo vxlan max-cache-disable 2500
Configure vxlan Max number of ARP/ND cache disable allowed for port-vlan
VTEP1(config)#nvo vxlan access-if port-vlan xe49 2
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 22
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 3
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 23
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 4
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 24
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 5
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 25
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 6
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 26
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 7
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 27
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 8
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 28
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 9
Configure VxLAN access-if single tagged interface name with VLAN id
VTEP1(config-nvo-acc-if)#map vnid 29
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 10
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP1(config-nvo-acc-if)#map vnid 10
Map access port attribute with VxLAN Identifier.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 11
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP1(config-nvo-acc-if)#map vnid 21
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#nvo vxlan access-if port-vlan xe49 12
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP1(config-nvo-acc-if)#map vnid 20
Map access port attribute with VxLAN Identifier.
VTEP1(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP1(config)#commit
Commit the candidate configuration to the running configuration.
 
VTEP2
VTEP2#configure terminal
Enter configure mode.
VTEP2(config)#hardware-profile filter ingress-mirror enable
Enable hardware profile ingress mirror.
VTEP2(config)#nvo vxlan enable
Enable vxlan
VTEP2(config)#evpn esi hold-time 60
Config esi hold timer
VTEP2(config)#evpn vxlan multihoming enable
Enable vxlan multihoming
VTEP2(config)#mac vrf VRF1
Configure mac vrf as VRF1
VTEP2(config-vrf)#rd 2.2.2.2:11
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 9.9.9.9:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF2
Configure mac vrf as VRF2
VTEP2(config-vrf)#rd 2.2.2.2:21
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 90.90.90.90:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF3
Configure mac vrf as VRF3
VTEP2(config-vrf)#rd 2.2.2.2:22
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 90.90.90.90:101
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF4
Configure mac vrf as VRF4
VTEP2(config-vrf)#rd 2.2.2.2:23
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 10.10.10.10:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF5
Configure mac vrf as VRF5
VTEP2(config-vrf)#rd 2.2.2.2:24
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 20.20.20.20:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF6
Configure mac vrf as VRF6
VTEP2(config-vrf)#rd 2.2.2.2:25
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 30.30.30.30:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF7
Configure mac vrf as VRF7
VTEP2(config-vrf)#rd 2.2.2.2:26
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 40.40.40.40:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF8
Configure mac vrf as VRF8
VTEP2(config-vrf)#rd 2.2.2.2:27
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 50.50.50.50:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF9
Configure mac vrf as VRF9
VTEP2(config-vrf)#rd 2.2.2.2:28
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 60.60.60.60:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#mac vrf VRF10
Configure mac vrf as VRF10
VTEP2(config-vrf)#rd 2.2.2.2:29
Configure route distinguisher value.
VTEP2(config-vrf)#route-target both 70.70.70.70:100
Configure route-target import and export
VTEP2(config-vrf)#exit
Exit from vrf mode
VTEP2(config)#nvo vxlan vtep-ip-global 2.2.2.2
Enable vxlan Source Vtep Ip address global configuration
VTEP2(config)#nvo vxlan id 10 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF1
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 20 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF2
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 21 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF3
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 22 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF3
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 23 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF4
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 24 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF5
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 25 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF6
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 26 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF7
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 27 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF8
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 28 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF9
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#nvo vxlan id 29 ingress-replication
Enable VxLAN Network Identifier Head End Replication tenant type.
VTEP2(config-nvo)#vxlan host-reachability-protocol evpn-bgp VRF10
Host reachability protocol multiprotocol BGP VRF to carry EVPN routes.
VTEP2(config-nvo)#exit
Exit from the VxLAN mode.
VTEP2(config)#qos enable
Enable QoS.
VTEP2(config)#hostname VTEP2
Configure system's network name as VTEP2.
VTEP2(config)#interface lo
Enter loopback interface mode.
VTEP2(config-if)#ip address 2.2.2.2/32 secondary
Configure the secondary IP address of the loopback interface.
VTEP2(config-if)#exit
Exit from interface mode.
VTEP2(config)#interface xe47
Enter interface mode.
VTEP2(config-if)#switchport
Enter the switchport mode.
VTEP2(config-if)#load-interval 30
Configure load interval.
VTEP2(config-if)#exit
Exit from interface mode.
VTEP2(config)#interface xe48
Enter interface mode.
VTEP2(config-if)#ip address 30.30.30.1/24
Configure the IP address of the interface.
VTEP2(config-if)#exit
Exit from interface mode.
VTEP2(config)#interface xe57
Enter interface mode.
VTEP2(config-if)#switchport
Enter the switchport mode.
VTEP2(config-if)#load-interval 30
Configure load interval.
VTEP2(config-if)#exit
Exit from interface mode.
VTEP2(config)#router ospf 100
Configure router ospf process ID.
VTEP2(config-router)#ospf router-id 2.2.2.2
Configure OSPF router ID.
VTEP2(config-router)#bfd all-interfaces
Enable BFD all interfaces.
VTEP2(config-router)#network 2.2.2.2/32 area 0.0.0.0
Configure network and area as 0.
VTEP2(config-router)#network 30.30.30.0/24 area 0.0.0.0
Configure network and area as 0.
VTEP2(config-router)#exit
Exit from router OSPF mode.
VTEP2(config)#router bgp 500
Configure router BGP AS number.
VTEP2(config-router)#bgp router-id 2.2.2.2
Configure BGP router ID.
VTEP2(config-router)#neighbor 1.1.1.1 remote-as 500
Configure a neighbor router and specify the AS number of the BGP neighbor.
VTEP2(config-router)#neighbor 1.1.1.1 update-source lo
Configure the neighbor router to use the loopback interface as the source of routing updates.
VTEP2(config-router)#neighbor 1.1.1.1 advertisement-interval 0
Configure the minimum interval between sending BGP routing updates to the neighbor router.
VTEP2(config-router)#address-family ipv4 unicast
Enter Address Family command mode.
VTEP2(config-router-af)#network 2.2.2.2/32
Configure a network to announce via BGP.
VTEP2(config-router-af)#neighbor 1.1.1.1 activate
Activate the neighbor.
VTEP2(config-router-af)#exit-address-family
Exit from address family mode.
VTEP2(config-router)#address-family l2vpn evpn
Enter Address Family with l2vpn evpn Identifier.
VTEP2(config-router-af)#neighbor 1.1.1.1 activate
Activate the neighbor.
VTEP2(config-router-af)#exit-address-family
Exit from address family mode.
VTEP2(config-router)#exit
Exit from router bgp mode.
VTEP2(config)#nvo vxlan max-cache-disable 2500
Configure the maximum number of VxLAN ARP/ND cache disables allowed for port-vlan.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 2
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 22
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 3
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 23
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 4
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 24
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 5
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 25
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 6
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 26
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 7
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 27
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 8
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 28
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 9
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 29
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 10
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 10
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 11
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 21
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#nvo vxlan access-if port-vlan xe47 12
Configure VxLAN access-if single tagged interface name with VLAN id.
VTEP2(config-nvo-acc-if)#map vnid 20
Map access port attribute with VxLAN Identifier.
VTEP2(config-nvo-acc-if)#exit
Exit from access-if mode.
VTEP2(config)#commit
Commit the candidate configuration to the running configuration.
 
Validation
Verify OSPF neighbors
VTEP1#show ip ospf neighbor
 
Total number of full neighbors: 1
OSPF process 100 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
11.11.11.11 1 Full/DR 00:00:29 10.10.10.2 xe48 0
VTEP1#
 
Checking the IP Routes
VTEP1#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
C 1.1.1.1/32 is directly connected, lo, 01:21:26
O 2.2.2.2/32 [110/3] via 10.10.10.2, xe48, 01:15:25
C 10.10.10.0/24 is directly connected, xe48, 01:16:11
O 11.11.11.11/32 [110/2] via 10.10.10.2, xe48, 01:15:25
C 20.20.20.0/24 is directly connected, xe52, 01:20:42
O 30.30.30.0/24 [110/2] via 10.10.10.2, xe48, 01:15:25
C 127.0.0.0/8 is directly connected, lo, 01:21:26
 
Gateway of last resort is not set
VTEP1#
 
Verify the BGP neighbors
VTEP1#show ip bgp neighbors
BGP neighbor is 2.2.2.2, remote AS 500, local AS 500, internal link, peer index: 12
BGP version 4, local router ID 1.1.1.1, remote router ID 2.2.2.2
BGP state = Established, up for 01:15:26
Last read 00:00:18, hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Address family L2VPN EVPN: advertised and received
Received 527 messages, 0 notifications, 0 in queue
Sent 502 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 0 seconds
Update source is lo
 
For address family: IPv4 Unicast BGP table version 2, neighbor version 2
Index 1, Offset 0, Mask 0x2
AIGP is enabled
Community attribute sent to this neighbor (both)
Large Community attribute sent to this neighbor
1 accepted prefixes
1 announced prefixes
 
 
For address family: L2VPN EVPN BGP table version 96, neighbor version 95
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
 
.skipping 1 line
31 accepted prefixes
Accepted AD:0 MACIP:20 MCAST:11 ESI:0 PREFIX:0
21 announced prefixes
 
Connections established 1; dropped 0
Local host: 1.1.1.1, Local port: 179
Foreign host: 2.2.2.2, Foreign port: 38227
TCP MSS: (0), Advertise TCP MSS: (1460), Send TCP MSS: (1460), Receive TCP MSS: (1460)
Sock FD : (22)
Nexthop: 1.1.1.1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
 
 
 
 
 
 
 
Verify the VxLAN access-if
 
VTEP1#show nvo vxlan access-if brief
 
                   Inner                    Admin   Link
Interface  Vlan    vlan    Ifindex   Vnid   status  status
-----------------------------------------------------------
xe49       2       ---     0x7a120   22     up      up
xe49       3       ---     0x7a121   23     up      up
xe49       4       ---     0x7a122   24     up      up
xe49       5       ---     0x7a123   25     up      up
xe49       6       ---     0x7a124   26     up      up
xe49       7       ---     0x7a125   27     up      up
xe49       8       ---     0x7a126   28     up      up
xe49       9       ---     0x7a127   29     up      up
xe49       10      ---     0x7a128   10     up      up
xe49       11      ---     0x7a129   21     up      up
xe49       12      ---     0x7a12a   20     up      up
 
Total number of entries are 11
 
Note: Refer sub-interface config for VLAN information.
 
Verify the VxLAN tunnel
VTEP1#
VTEP1#
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
1.1.1.1 2.2.2.2 Installed 01:15:37 01:15:37
 
Total number of entries are 1
VTEP1#
 
Verify the VxLAN
 
VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
 
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
10 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
10 ---- -- AC xe49 --- Single Homed Port --- 10 ---- ---- ----
20 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
20 ---- -- AC xe49 --- Single Homed Port --- 12 ---- ---- ----
21 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
21 ---- -- AC xe49 --- Single Homed Port --- 11 ---- ---- ----
22 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
22 ---- -- AC xe49 --- Single Homed Port --- 2 ---- ---- ----
23 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
23 ---- -- AC xe49 --- Single Homed Port --- 3 ---- ---- ----
24 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
24 ---- -- AC xe49 --- Single Homed Port --- 4 ---- ---- ----
25 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
25 ---- -- AC xe49 --- Single Homed Port --- 5 ---- ---- ----
26 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
26 ---- -- AC xe49 --- Single Homed Port --- 6 ---- ---- ----
27 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
27 ---- -- AC xe49 --- Single Homed Port --- 7 ---- ---- ----
28 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
28 ---- -- AC xe49 --- Single Homed Port --- 8 ---- ---- ----
29 ---- L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
29 ---- -- AC xe49 --- Single Homed Port --- 9 ---- ---- ----
 
Total number of entries are 22
 
Note: Refer sub-interface config for VLAN information.
 
 
 
 
 
Verify the interface counters
VTEP1#
 
VTEP1#show interface counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
xe48 42.73 30012 14.25 10011
xe49 41.60 40625 10.24 10000
xe54 0.00 0 20.80 20312
VTEP1#
 
Validation for Port Mirroring
Verify the monitor
 
VTEP1#show monitor
Session State Reason Description
------- ----------- ---------------------- --------------------------------
1 up The session is up
VTEP1#
 
Verify the monitor session
 
VTEP1#show monitor session 1
session 1
---------------
type              : local
state             : up
source intf       :
    tx            :
    rx            : xe49
    both          :
source VLANs      :
    rx            :
destination ports : xe54
filter count      : 1
 
Legend: f = forwarding enabled, l = learning enabled
 
VTEP1#
 
VTEP1#show monitor session 1 brief
session 1
---------------
type              : local
state             : up
source intf       :
    tx            :
    rx            : xe49
    both          :
destination ports : xe54
filter count      : 1
 
VTEP1#
 
VTEP1#show monitor session 1 filter
session 1
---------------
filter count : 1
 
---------------
match set 1
---------------
Sequence number : 10 vlan : 2-6
 
VTEP1#
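
Added example (not part of the OcNOS documentation): a Python check that combines the `show monitor session 1`, `show monitor session 1 filter` and `show nvo vxlan access-if brief` outputs shown above to report which access VLANs and VNIDs the analyzer port actually receives. The function names are hypothetical, and the parsing assumes the text layout printed above, that the filter matches the outer VLAN tag, and that an empty filter mirrors the whole source port.

```python
import re
# Lines copied (trimmed) from the validation output above; layout assumed stable.
# Assumptions: filter matches the outer VLAN tag; no filter mirrors the whole port.
SESSION = """state : up
source intf :
rx : xe49
source VLANs :
rx :
destination ports : xe54"""
FILTER = "Sequence number : 10 vlan : 2-6"
ACCESS_IF = """xe49 2 --- 0x7a120 22 up up
xe49 3 --- 0x7a121 23 up up
xe49 4 --- 0x7a122 24 up up
xe49 5 --- 0x7a123 25 up up
xe49 6 --- 0x7a124 26 up up
xe49 7 --- 0x7a125 27 up up
xe49 8 --- 0x7a126 28 up up
xe49 9 --- 0x7a127 29 up up
xe49 10 --- 0x7a128 10 up up
xe49 11 --- 0x7a129 21 up up
xe49 12 --- 0x7a12a 20 up up"""

def parse_session(text):
    """Return state, destination port and the set of (direction, port) sources."""
    out, section = {"sources": set()}, None
    for line in text.splitlines():
        key, _, val = (p.strip() for p in line.partition(":"))
        if key in ("source intf", "source VLANs"):
            section = key  # tx/rx/both lines belong to the most recent section
        elif key in ("tx", "rx", "both") and section == "source intf" and val:
            out["sources"].update((key, p.strip()) for p in val.split(","))
        elif key in ("state", "destination ports"):
            out[key] = val
    return out

def filter_vlans(text):
    """Expand 'vlan : 2-6' filter entries into a set of VLAN ids."""
    vlans = set()
    for spec in re.findall(r"(?<![-\w])vlan\s*:\s*([\d,-]+)", text):
        for lo, _, hi in (p.partition("-") for p in spec.split(",")):
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def mirror_coverage(session, filt, access_if):
    """Return (analyzer port, mirrored {vlan: vnid}, unmirrored {vlan: vnid})."""
    s, vlans = parse_session(session), filter_vlans(filt)
    rx_ports = {p for d, p in s["sources"] if d in ("rx", "both")}
    seen, unseen = {}, {}
    for port, vlan, _, _, vnid, *_ in map(str.split, access_if.splitlines()):
        hit = s.get("state") == "up" and port in rx_ports and (not vlans or int(vlan) in vlans)
        (seen if hit else unseen)[int(vlan)] = int(vnid)
    return s.get("destination ports"), seen, unseen

print(mirror_coverage(SESSION, FILTER, ACCESS_IF))
```

With the outputs above, only VLANs 2-6 (VNIDs 22-26) received on xe49 reach the analyzer on xe54; the remaining access VLANs on the same port are outside the mirror filter and are not visible to the analyzer.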
 
END
Revised CLI Commands
hardware-profile filter (XGS)
The existing hardware-profile filter CLI syntax is updated as follows:
hardware-profile filter port-isolation (ingress-ipv4|ingress-ipv6|egress-ipv6|ingress-arp|bfd-group) (enable|disable)
to
hardware-profile filter port-isolation (ingress-mirror|ingress-ipv4|ingress-ipv6|egress-ipv6|ingress-arp|bfd-group) (enable|disable)
Refer to hardware-profile filter (XGS) CLI section for more details.
Use the new ingress-mirror filter profile for port mirroring when a monitor session is installed with filters. When the specified filter profile is not enabled, port mirroring uses the default L2 group.
filter
The existing filter CLI syntax is updated as follows:
(<1-268435453>/<1-4294967294> |) filter {vlan <2-4094>| cos <0-7> | dest-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | src-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | frame-type (ETHTYPE | arp (req | resp|) (sender-ip A.B.C.D|) (target-ip A.B.C.D|) | ipv4 (src-ip (A.B.C.D | A.B.C.D/M)|) (dest-ip (A.B.C.D | A.B.C.D/M)|) | ipv6 (src-ip X:X::X:X/M |) (dest-ip X:X::X:X/M |))}
to
(<1-268435453>/<1-4294967294> |) filter {vlan VLAN_RANGE|inner-vlan VLAN_RANGE| cos <0-7> | dest-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | src-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | frame-type (ETHTYPE | arp (req | resp|) (sender-ip A.B.C.D|) (target-ip A.B.C.D|) | ipv4 (src-ip (A.B.C.D | A.B.C.D/M)|) (dest-ip (A.B.C.D | A.B.C.D/M)|) | ipv6 (src-ip X:X::X:X/M |) (dest-ip X:X::X:X/M |))}
Refer to filter CLI section for more details.
Abbreviations
 
Acronym    Expansion
ACL        Access Control List
MAC        Media Access Control
SPAN       Switch Port Analyzer
VLAN       Virtual LAN
VxLAN      Virtual eXtensible Local Area Network